Google paid a record remuneration for disclosure
21.01.2018 0 Comments
Chinese security expert has received 112 $ 500 for a vulnerability in Android.
This week Google announced the payment of remuneration to Guan Gong, a researcher of vulnerability and the employee of the Chinese company Qihoo 360 Technology. He provided a report on breach in August 2017.
At last year’s Pwn2Own competition Google Pixel is the only smartphone that has failed to crack. However, the team Qihoo 360 was able to identify a number of vulnerabilities, the joint operation of which allows you to remotely execute code on the Pixel and other Android devices.
For the chain of exploits, the team earned $105 thousand in the framework of the Android Security Rewards (ASR) and another $7.5 thousand on reward program for vulnerabilities in Chrome.
Google is working on securing phones Pixel in hardware and in software. Pixel 2 and Pixel 2 XL are protected from unauthorized access hardware. Google claims that the hackers will be difficult to decrypt the data without knowing the password. But Gong and his team at Pwn2Own 2016, the prestigious annual competition hackers managed to hack into a Pixel of the first generation in 60 seconds. Qihoo 360 won the cash prize in the amount of $ 120,000 for their efforts. In total it turned out 520 000 dollars in prize money in the competition for breaking into several programs, including Adobe Flash.
Follow the news of the Apple in our Telegram-channel, as well as in the app on iOS MacDigger.